Hack any Mobile APP – Reverse engineering and Analysis Framework.

MARA is a Mobile Application Reverse engineering and Analysis Framework. It brings together commonly used mobile application reverse engineering tools in order to make the task of reverse engineering and analysis easier and friendlier for mobile application developers and security professionals.

Scan SSL domains found in the app via the standalone SSL scanner, which makes use of pyssltest and testssl.

Installing MARA on Linux

MARA ships with a script that assists in downloading and installing the required dependencies. Simply run the setup.sh script with sudo privileges and it will install them.

The following are the requirements for running MARA. The domain SSL scanning component requires an active internet connection. MARA works with OpenJDK or Oracle JDK. We recommend version 7 or above when using either of them.

pip install pydot

After meeting all the requirements, run ./mara.sh --help and you should see the MARA help menu.

MARA ships with an SSL scanner script that makes use of pyssltest and testssl. To use the standalone SSL scanner, run ./ssl_scanner.sh and follow the instructions displayed. The findings from the scan are dumped in the domain scans folder, i.e. /MARA_Framework/data/domain_scans/

While analyzing APK files, MARA provides the option of scanning domains found in the APK using the above-mentioned tools. This scan runs in the background and can be skipped. If the scan is performed, the user is required to tail the two log files, i.e. pyssltest.log and testssl.log, in /MARA_Framework/data/apk_name/analysis/static/ssl_scan/log/
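Because the background scan writes to two separate logs, a small helper makes it easier to follow both from one terminal. The shell functions below are an added example, not part of MARA; they assume the log directory layout quoted above, and the function names and the MARA root argument are hypothetical.

```shell
# Added example (not MARA's own code). Source this file, then run:
#   mara_follow_ssl_logs /path/to/MARA_Framework <apk_name>
# Assumption: the first argument is the MARA_Framework checkout directory.

# Print the log directory for an APK, following the layout
# data/<apk_name>/analysis/static/ssl_scan/log described above.
mara_ssl_log_dir() {
    local root="${1%/}" apk="$2"
    # Refuse names that would point outside the data directory.
    case "$apk" in
        ""|*/*|.|..) echo "invalid apk name: '$apk'" >&2; return 2 ;;
    esac
    printf '%s/data/%s/analysis/static/ssl_scan/log\n' "$root" "$apk"
}

# Wait up to $3 seconds (default 30) for the background scan to create
# both logs. Returns 0 when both exist, 1 on timeout (scan skipped or
# not started yet), 2 on an invalid APK name.
mara_wait_for_ssl_logs() {
    local dir timeout="${3:-30}" waited=0
    dir="$(mara_ssl_log_dir "$1" "$2")" || return 2
    while [ ! -f "$dir/pyssltest.log" ] || [ ! -f "$dir/testssl.log" ]; do
        [ "$waited" -ge "$timeout" ] && return 1
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Follow both logs at once; tail prints a "==> file <==" header whenever
# the output switches from one log to the other.
mara_follow_ssl_logs() {
    local dir
    mara_wait_for_ssl_logs "$1" "$2" "${3:-30}" || {
        echo "SSL scan logs not found (scan skipped or not started?)" >&2
        return 1
    }
    dir="$(mara_ssl_log_dir "$1" "$2")"
    tail -F "$dir/pyssltest.log" "$dir/testssl.log"
}
```

If the scan was skipped, mara_follow_ssl_logs gives up after the timeout instead of blocking on files that will never appear.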